Releases: SonarSource/sonar-dotnet
8.2-RC1
Dear .NET developers,
We have a small Christmas present for you: SonarCSharp 8.2-RC1, coming with a brand new bug detection engine bundled inside. The first rule implemented on top of this engine is S3949: Calculations should not overflow.
Please try it out and see if you have some tricky integer overflows in your code!
We plan to do the GA release of SonarCSharp 8.2, which will get deployed on SonarCloud, in January 2020.
Thanks,
Andrei
New Rules
8.1
New Rules
- 2749 - [C#] Rule S5547: Cipher algorithms should be robust
- 2755 - [C#, VB.NET] Rule S4830: Server certificates should be verified during SSL/TLS connections
- 2750 - [C#, VB.NET] Rule S5542: Encryption algorithms should be used with secure mode and padding scheme
Improvements
- 2754 - [C#, VB.NET] S2068 should consider NetworkCredential and PasswordDeriveBytes
- 2705 - [C#] Rules S3330 and S2092 should support CookieOptions object (missing HttpOnly or Secure flags)
- 2753 - [C#] Rules S3330 and S2092 should support NancyCookie object (missing HttpOnly or Secure flags)
- 2860 - Add debug logging for each code coverage and test results importer
False Positive
- 2776 - [C#, VB.NET] Fix S4136 FP: should not raise when static methods are grouped together
- 2555 - [C#, VB.NET] Fix S1226 FP: Parameters wrongly considered as unread before reassignment
- 2674 - [C#, VB.NET] Fix S4143 FP: with List<T>.Add method calls
- 2758 - [C#] Fix S1128 FP: when using System.Linq query syntax
- 2747 - [C#] Fix S1128 FP: when using GetAwaiter() extension method
- 2694 - [C#] Fix S1128 FP: documentation tags are not taken into account
- 2461 - [C#] Fix S1168 FP: when returning null in LINQ lambda
8.0
New Rules
- 2687 - [C#] Rule S4635: String offset-based methods should be preferred for finding substrings from offsets
- 2686 - [C#] Rule S4487: Unread "private" fields should be removed
- 2685 - [C#] Rule S2479: Whitespace and control characters in string literals should be explicit
- 2684 - [C#] Rule S2857: SQL keywords should be delimited by whitespace
- 2683 - [C#] Rule S2251: A "for" loop update clause should move the counter in the right direction
Improvements
- 2743 - [C#] Modify S3330 to become a Security Hotspot
- 2714 - [C#] Update S2699: add support for the latest version of FluentAssertions (5.9.0)
- 2709 - [C#] Update S2699: add support for NSubstitute 4.2.1
- 1971 - SonarQube 8.0 - Remove deprecated metrics
Bug Fixes
- 2738 - [VB.NET] Fix NRE in VisualBasicCognitiveComplexityMetric due to null ParameterList
- 2594 - [VB.NET] Fix multiple NRE occurrences in SonarVbnet
- 2451 - [C#] Fix S2699 FP: Support NUnit TestCase and ExpectedResult
- 2426 - [C#] VarPattern not supported in the analyzer (when building with MSBuild 16)
Breaking changes
- dropping support for SonarQube 6.7 LTS, stop publishing deprecated metrics
7.17
New Rules
- 2346 - [VB.NET] Update S2302 to verify string phrases and implement it for VB.NET
- 2210 - [C#] Rule S1128: Useless usings should be removed
- 2093 - [C#] Rule S5034: "ValueTask" should be consumed correctly
- 1330 - [C#] Rule S4583: "BeginInvoke" should be paired with "EndInvoke"
- 1168 - [C#, VB.NET] Rule S4136: Method overloads should be grouped together
- 768 - [C#] Rule S1199: Nested code blocks should not be used
- 681 - [C#, VB.NET] Rule S4201: Null checks should not be redundant
- 616 - [C#] Rule S2252: Loop conditions should be true at least once
Improvements
- 2624 - Further improve debug logging when importing code coverage and test coverage
7.16
We fixed 26 false positives, out of which 23 were related to the Control Flow Graph and the Symbolic Execution engine.
Improvements
- 2576 - [C#] Fix FP and FN due to treating IsNullOrWhiteSpace as is equal to null
- 2549 - [C#] Improve CFG for try statement: replace the 2 finally blocks with one finally block
- 2542 - [C#] Log exception details when building and analyzing the CSharpExplodedGraph
- 2513 - [C#, VB.NET] Log exception message when not parsing the coverage report
- 2491 - [C#] Fix S3966: FP when leaveOpen parameter is used
- 2481 - [C#, VB.NET] Add static analyzer documentation
- 2476 - [C#] Fix S3900 FP: ref method invocation arguments
- 2469 - [C#] Fix S3928: FP when analyzing indexers
- 2442 - [C#] Fix S2583 FP: certain configurations of conditions lead to wrong detection of dead code
- 2431 - [C#] Fix S109: FP with auto-property assignment
- 2393 - [C#] Fix S1854 FP: try-catch inside a loop
- 2369 - [C#] Fix S2583: FP with null-coalescing operator
- 2361 - [C#] Fix S2259: FP with null conditional operator
- 2348 - [C#] Fix S2589: False Positive with foreach loop
- 2338 - [C#] Fix S2259: FP on switch statements
- 2337 - [C#] Fix S2683 FP: Nullable<bool> ?? false
- 2322 - [C#] Fix S4035: FP for abstract declarations
- 2311 - [C#] Fix S1854 FP: case when syntax not supported when pattern is a constant
- 2240 - [C#] Fix S2259: False positive with switch and pattern matching case blocks
- 2164 - [C#] Fix S2589: FP with conditional access in previous condition
- 2134 - [C#] Fix S2583 - FP when using null propagation followed by null coalescence
- 2010 - [C#] Fix S1172 FP: case when where the pattern is a constant
- 1837 - [C#] Fix S2583: FP on evaluation after using null-conditional operator
- 1347 - [C#] Fix S2583: FP when using ?? with an empty string
- 1301 - [C#] Fix S2259: FP with Null Dereferencer
- 1295 - [C#] Fix S2589: "Condition evaluates to constant" false positive is generated in methods with yield
- 1187 - [C#] Fix S2583: FP for variables updated in foreach loop
- 1183 - [C#] Fix S2259: False positive in switch statement with conditional access operator
- 1160 - [C#] Fix Symbolic Execution : loops should be executed more than once
- 697 - [C#] Fix S1854 FP: try block not connected to catch when exception is thrown inside
7.15
New Feature
- 2324 - [C#, VB.NET] Add an option to enable the analysis of generated code
Improvements
- 2427 - [C#, VB.NET] S1940: FP with null-conditional operator
- 2424 - [C#] S2219 FP: is object is not always allowed for null-check
- 2423 - [C#] S3906: False positive when using generic type constraint
- 2417 - False negative on Rule S2077: the use of operator + should raise an issue in VB.Net
- 2382 - [C#] Fix S2201: FP for string.Intern which has side effect
- 2099 - [C#] S4058 is raised incorrectly in case of Xunit Assert.Contains
- 1960 - [C#] Fix S3897: FP due to not checking IEquatable in inheritance chain
Bug Fixes
- 2259 - Trx parsing fails: Illegal character entity: expansion character (code 0xc
7.14
Adjust security hotspots before the release of SonarQube 7.8. You can read about the difference between a security hotspot and vulnerability in the docs.
Improvements
- 2394 - [C#] Rule S2077: Update rule by detecting only formatted or concatenated strings
- 2387 - [C#, VB.NET] Fix S2068 FP: should not raise for empty string
- 2386 - Rule S4784: Update implementation to target only hard-coded regex
- 2385 - Remove Security Hotspot rules which are not targeting developers
- 2384 - Update S2255: Remove Cookie reading from Rule S2255
- 2139 - Fix S4056: Rule recommends overload with completely different signature
Bug Fixes
- 2392 - [C#] Fix StringFormatValidator NRE due to array instantiation w/o initializer
7.13
Improvements
- 2357 - [C#] Fix S1075: should not report on virtual path on asp.net bundles
- 2352 - [C#] Update S4210: Rule should not suggest STAThreadAttribute for async main
- 2292 - [C#, VB.NET] Fix S4428: Rule should not raise an issue for derived attributes
- 2249 - [C#] Fix S1226: Variables that are passed as an argument to a method should be considered as read
- 2244 - Fix S3240: FP when using lambdas within the IF-ELSE
- 2239 - [C#] Update S3249: Rule should not raise when the overrides only calls base and has attributes
- 2236 - [C#] Fix S3459: False Positive with interop methods
- 2195 - [C#, VB.NET] Fix S4275: FP when multiple assignments inside the setter
- 2140 - [C#, VB.NET] Fix S4275: FP when using MVVM frameworks
- 1865 - S1075 Refactor your code not to use hardcoded absolute paths or URIs - False Positive
7.12
Improvements
- 2354 - [C#] Update S4261: Rule should handle 'ValueTask'
- 2341 - [C#] Fix S4158: Rule should consider .NetCore 2.0+ 'Dictionary.TryAdd' method
- 2336 - [C#] S3900: Update documentation to mention protected methods
- 2313 - [C#] Update S3440: Allow property check before assignment
- 2306 - [C#] Update S1144: Rule should handle more unused types
- 2221 - [C#, VB.NET] Update S2551: Rule should raise an issue when locking on strings
Bug Fixes
- 2253 - [C#] Fix S3237: NullReferenceException with arrow expression of interface member
- 2252 - [C#] Fix S3237: NullReferenceException with arrow expression of interface member
- 2235 - [VB.NET] Fix S4143: AD0001 NullReferenceException
False Positive
- 2344 - [C#] Update S3874: FP with interface implementations
- 2314 - [C#] Fix S3247: FP when casting on different identifier
- 2312 - [C#] Fix S1144: False Positive when private member is only used in a generated file
- 2295 - [C#] Update S1905: False Positive with 'default'
- 2291 - [C#] Update S2933: Rule should not suggest adding readonly modifier for fields of type struct
- 2290 - [C#] Update S100: Allow two-letter acronyms
- 2285 - [C#] Update S2325: Rule should handle a whitelist of method names
7.11
New Rules
- 2062 - [VB.NET] Rule S126: "if ... else if" constructs should end with "else" clauses
- 2061 - [VB.NET] Rule S1125: Boolean literals should not be redundant
- 2060 - [VB.NET] Rule S1151: 'Select...Case' clauses should not have too many lines of code
- 2059 - [VB.NET] Rule S1145: Useless "if(true) {...}" and "if(false){...}" blocks should be removed
- 2058 - [VB.NET] Rule S107: Functions should not have too many parameters
- 2056 - [VB.NET] Rule S1110: Redundant parentheses should be removed
- 2055 - [VB.NET] Rule S2234: Parameters should be passed in the correct order
- 2054 - [VB.NET] Rule S1066: Collapsible "if" statements should be merged
- 2053 - [VB.NET] Rule S1172: Unused function parameters should be removed
- 2051 - [VB.NET] Rule S138: Procedures should not have too many lines of code
- 2047 - [VB.NET] Rule S108: Nested blocks of code should not be left empty
- 2042 - [VB.NET] Rule S1134: Track uses of "FIXME"
- 2041 - [VB.NET] Rule S1135: Track uses of "TODO"